Staff Information Security Engineer - Threat Defence & Automation
Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.
How We Work At Proofpoint you'll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: Bold in how we dream and innovate; Responsive to feedback, challenges and opportunities; Accountable for results and best in class outcomes; Visionary in future focused problem-solving; Exceptional in execution and impact.
Role Overview
We're seeking a Staff Information Security Engineer to help lead and evolve our Global Information Security Operation. In this role, you'll shape incident response strategy, push forward advanced threat detection and defence capabilities, and take point on the most complex security investigations across the enterprise. As a Staff-level engineer, you will operate as a subject matter expert and technical leader, partnering across SOC, Threat Intelligence, Detection Engineering, and Security Engineering to improve Proofpoint's ability to detect, respond to, and proactively hunt advanced threats. This role includes participation in a 24/7 on‑call incident response rotation.
Key Responsibilities
Serve as a Level 3 / Staff escalation point for high‑severity incidents
Lead investigations into APTs, ransomware, insider threats, and cloud compromises
Act as incident commander and coordinate response efforts
Participate in 24/7 on‑call incident response
Lead threat hunting across endpoint, network, identity, and cloud
Operationalise threat intelligence into detections and response
Design and improve detections across SIEM, EDR, and SOAR
Automate incident triage and response workflows
Drive post‑incident reviews and continuous improvement
Mentor team members and influence security strategy
Required Qualifications & Experience
Extensive experience in Incident Response, DFIR, Threat Hunting, or Security Operations
Deep expertise in incident response, threat hunting, and threat intelligence
Strong knowledge of MITRE ATT&CK and adversary TTPs
Experience with SIEM, EDR, SOAR, and cloud security
Scripting experience (Python, PowerShell, or Bash)
Strong communication and leadership skills
Nice To Have
Experience building threat hunting or detection programs
Background in threat intelligence or red/purple teaming
Certifications such as GCFA, GCIH, CISSP, CISM, OSCP
Why Proofpoint?
Competitive compensation
Comprehensive benefits
Career success on your terms
Flexible work environment
Annual wellness and community outreach days
Always on recognition for your contributions
Global collaboration and networking opportunities
Our Culture
Our culture is rooted in values that inspire belonging, empower purpose and drive success‑every day, for everyone. We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out.
Proofpoint is an equal opportunity employer; we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status, or disability.
How to Apply
Interested? Submit your application along with any supporting information – we can’t wait to hear from you!
#J-18808-Ljbffr